How it works

By adding LeadExec Sign-In, you bring the power of LeadExec to your application. When a user is signed in, you get an authentication token for making API requests on their behalf, which you can use to customize your application experience based on their settings and information in their account.

The first time a user clicks the sign-in button, they will see an authorization dialog. This dialog outlines what information your application will be able to access. The user then can consent to the authorization or cancel. Aver authorizing, a returning user will not be prompted again for authorization.

A user always has the option to revoke access to an application at any time.

Important: Your use of the LeadExec Sign-In button is subject to the ClickPoint Software LeadExec Platform Terms of Service.

Try It

Success! You have accepted access to your account.
Failure! You have denied access to your account.

How to use the LeadExec sign-in button

When you sign up as an application partner with ClickPoint Software, your application gets an application ID. You will also receive a sign-in button ID that you will use to generate your sign-in button. Your application ID will be used along with the refresh token you receive during authentication to generate an access token that you can use to call LeadExec's API.

Adding a LeadExec Sign-In button to your application requires you to:

  1. Sign up with ClickPoint Software and receive your application and button IDs.
  2. Include the LeadExec Sign-In script on your page.
  3. Add the button to your page.
  4. Handle the sign-in with a JavaScript callback.

Step 1: Sign up with ClickPoint Software's Application Partner system

Please contact for more information on how to become an application partner.

Step 2: Include the LeadExec Sign-In script on your page

Just before your <body> tag, include the following script:

<!-- LeadExec Application Button Code Block --> 
<script type="text/javascript">
    (function() {
        var cpbutton = document.createElement('script');cpbutton.type = 'text/javascript';cpbutton.async = true;
        cpbutton.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + '';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(cpbutton, s);
        var styles = "@import url('" + ('https:' == document.location.protocol ? 'https://' : 'http://');
        styles = styles + '' + "');";
        var newSS = document.createElement('link');
        newSS.rel = 'stylesheet';
        newSS.href = 'data:text/css,' + escape(styles);
<!-- End Code Block --> 

The above example follows the best practice of using asynchronous loading of the JavaScript file for improved performance.

Next, you will add the sign-in button to your app.

Step 3: Adding a sign-in button to your page

Choose a place on your page where you want the button to render and insert the following HTML markup. You must replace BTN_ID with the value of your button ID that you received.

<button id="leAppButton" 
	data-btnId="BTN_ID">Sign in with LeadExec</button>

When the user clicks the button, they are prompted to authorize the app to access their data. The callback function AuthorizeResult will handle the result of the authorization.

You will next implement the callback function.

Step 4: Handling the sign-in

The callback function is a JavaScript function you write that is triggered after the user authorizes or declines access to the information requested by your app. The function is passed an object that represents the authorization result.

If the user previously agreed to allow your application access through this button, or another button representing the same application, they are automatically logged in. The callback function is called automatically as soon as the sign-in button is rendered and passed a new authorization object with an authorization token

The authorization object contains an error field that contains information about problems that might occur when authorizing your app. For example, if the user denies access to the requested methods, the callback is triggered and the object's error field contains the reason.

Callback example:
function AuthorizeResult(result) {
  if (result.valid) {
    // Successfully authorized
    // Hide the sign-in button now that the user is authorized, for example:
    document.getElementById('leAppButton').setAttribute('style', 'display: none');
  } else if (result.error) {
    // There was an error.
    // Use the error section to identify what went wrong

This example checks if access was granted, denied, or an error occurred.

If you wish to track the signed-in state of your user independently of the LeadExec signed-in state, you might set a cookie at this point.

Obtaining an access token from the refresh token

Once you have received a confirmation that the user has granted your application access. You must then request an access token for API calls.

Each access token has a life of 1 hour and you will use your refresh token as well as your application ID to request a new access token.

Heads up! Your application ID is very important, anyone with your application ID as well as the refresh token can request a new access token.

To request a new access token, visit the following URL:

You will receive the following parameters

Key Description
valid If the combination of application ID and refresh token is valid and the refresh token has not been revoked.
refreshToken The refresh token supplied during the call.
authToken Access authorization token to be used when making API calls.
expireDate Date and time that the authToken expires (sent as universal time).
errorMessage Details when an error occures or a refresh token is not valid.

Disconnecting your application from a LeadExec account

To follow our developer policies, your app must provide a way to delete the association between your app and a users account. By adding this capability to your app, you can respond to the event and trigger any appropriate logic.

The following JavaScript example demonstrates with jQuery how to format a request and disconnect your application.

<script type="text/javascript">
function disconnectUser(refresh_token) {
  var revokeUrl = '' +

  // Perform an asynchronous GET request.
    type: 'GET',
    url: revokeUrl,
    async: false,
    contentType: "application/json",
    dataType: 'jsonp',
    success: function(result) {
      // Do something now that user is disconnected
    error: function(e) {
      // Handle the error
// Could trigger the disconnect on a button click